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Method and af1>ajigement for forming and checking a 
checksum for digit^ir^data which are grouped into a 
number of data segments 



In digital communications, i.e.y during the 
excjian<je of diaital dat^> it is frequently desirable to 
eet — ®ti*& tTansmis/ion of the electronic data ■ with*, 




^ TOpcct to tho mocfa^wMPi -e d - aspe-etr s 



* a^^Jxt ^/r«^v er y significant aspect is the protection of 

A 

modi f i cat ion */^Trrr« — uuulu — [jiuLLLii w a r' u j, — cne uil 

of the dat 9 / ^scri^oo of-iht. KtlxtefA QrT 

As a protection against unauthorized 

modification of digital data, the - oo called 1 

cryptographic checksum, . for^ — example - the digital 

^ianature, is known from -{lh The method described in 

^[1] based on forming a hashing value from the 

A 

digital user data and the subsequent cryptographic 



processing of the hashing value by -moanci of a 

A 

cryptographic key. The result is^a cg^^ographic 
checksum. To check the integrity,^ a corresponding 
cryptographic key is used for performing the inverse 
cryptographic operation on the checksum formed and the 
result is compared with the hashing value again 
calculated from the user data. The integrity of th 
user data is ensured when the hashing values 

V^^UlV|i This H ^rcvioual - y - customary procedure 

- Eteceaoitatco 1 — fc+ra-fe the complete user data ^muotr* be 
A * 

present on the receiver side in the identical order in 

which thjffiy 4 were present when the hashing value was 
; i* if \s r\Vt 

formed j- oinoo — othorvaco t ^l e A ^PS™^^ 011 °f ^he hashing 



value leads to an ^ ^uV^lF ^ value. In digital 
communications, however, it is frequently customary to 
subdivide and to transmit the user data to be 
transmitted in relatively small data segments, which are 
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also called data packets, due to protocol boundary 
conditions . 



m 

Ljl. 



s 
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The dat^ ^^qme^tjs ^are frequently not tied to a defined 
order J J&£ — ±& — io note possible to guaranty a defined 

a segments, - in Lift? method 

^ , s quired — f-e-a* the complete 

user data to be reassembled again on the receiver side, 
■ fefro - t — ars — fce — ar&y* after the transmission of the data 
segments, in the order in which they were originally 
sent. The data to be transmitted can only be verified 
in this order. However, this. frequently means 



considerable additional txnre for the flow 

control of the data segments inasmuch as this is 

A 

possible at all within the framework of the protocol 
used. 



•p4-34v' . » general definition for commutative operations ^b-s* 

r alsu yp^Cilio - qk i.. Illustrat i v n l.y ? *- a < commutative — u pej-dLiuii * 
A 

can be understood to be an operation in which the order 



(km oraer* 

-pare ' 



of individual operations is unimportant and .oafch — order * 
of individual ^porafei'Of» always leads to the same total 
o^^ijati^n^^^^^^^tative operation can be, for example, 



an ^EXO f fr operation, an additive operation or also a 
multiplicative operation . 

f T^ o m [ , r» method and a device for generating 
check code segments for the occurrence of source data 
and for determining errors in the source data are- 

known^ StfMMA^y of rwe i^vgJTiDA/ 

0 The invention is thus based on the object of 
specifying methods and arrangements for forming and 
checking a first commutative checksum for digital data 
which are grouped into a number of data segments, in 
which a flow control for the individual data segments 
is no longer required. 

object is achieved by the method according 
to Claim 1, by^h^method according to Claim 2, by the 
method according to Ci^a^rn^ 3, by the arrangement 
according to Claim 
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.ng to Claim 12 and by the 

arrangement acojr^jng to Clair 

In the^method a - oewding- - Claim ' 4 « , a first 
segment checksum is formed for each data segment for 
digital data which are grouped into a number of data 
segments. The first segment checksums formed are 
combined by a commutative operation to form a first 
commutative checksum.. 

e ^ meth 



In the M method -aeeuiUliib- LO 6-laim ■■ jV 

A ' 



a 



predetermined first commutative checksum, which is 
allocated to digital data which are grouped into a 
number of data segments, is checked. This is done by a 
second segment checksum being formed for each data 
segment and a second commutative checksum being formed 
by a commutative operation on the second segment 
checksum. The second commutative checksum and the first 
commutative checksum are checked for a match. 

In the ^method aooording to — Claim 3* for forming 
and checking a first commutative checksum for digital 
data which is grouped into data segments, a first 
segment checksum is formed for each data segment and 
the first data checksums are combined by a commutative 
operation to form a first commutative checksum. For 
each data segment of the digital data to which the 
first commutative checksum is allocated, second segment 
checksums are formed and a second commutative checksum 
is formed by commutative operation on the second 
segment checksums. The second commutative checksum and 
the first commutative checksum are checked for a match. 

The arrangement according to Claim 11 exhibits 
an arithmetic and logic unit which is arranged in such 
a manner that a segment checksum is formed for each 
data segment and that the first commutative checksum is 
formed by a commutative operation on the segment 
checksums . 
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SeionCl has 

The ^arrangement ^rrrrnrrii ng — to Claim 12 ' ^K . foibit-sr 
an arithmetic and logic unit which is arranged in such 
a manner that a second segment checksum is formed for 
each data segment, a second commutative checksum is 
formed by a commutative operation on the second segment 
checksums, and the second commutative checksum (KP2) is 
checked for a match with the first commutative checksum 

(KP1) " , K« 

The arrangement -accordin - g — to Claim lr9 j wririibytrs 
an arithmetic and logic unit which is arranged in such 
a manner that the following method steps are performed: 

a) a segment checksum is formed for each data segment, 

b) the first commutative checksum is formed by a 
commutative operation on the segment checksums, 

c) a second segment checksum is formed for each data 
segment of the digital data to which the first 
commutative checksum is allocated, 

d) a second commutative checksum is formed by a 
commutative operation on the second segment checksums, 
and 

e) the second commutative checksum is checked for a 
match with the first commutative checksum. 

A considerable advantage of the methods and of 
the arrangements can be seen in the fact that, by using 
a commutative operation for individual checksums of the 
data segments, a flow control for the order of the 
individual data segments is no longer required. 

Furthermore, it is no longer required to 
reassemble the complete user data in the original order 
in which the first commutative checksums were formed. 
The order of the individual data segments is no longer 
of significance in the formation of the commutative 
checksum. 
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If the digital data are transmitted between two 
arrangements, a further advantage of JVno^methods can be 
seen in - t>ho~f aofr - that the checking of the integrity can 
already be begun before all data segments have been 
received^ since it is no longer required to maintain the 
original order in forming the first checksum. This 
leads to a timesaving in tne^nJcK^g^ f - Lin iiiLeyillT fr 
«o-f the date - a -r 

■ II 1 u o tfr A ui vc 1 y y — the * invention can be seen in 
the fact that a checksum is formed in the case of a 
number of data segments which, together, form the data 
to be protected, and the individual checksums of the 
data segments are commutatively combined with one 
another . 

Advantageous further developments of the 



jepus further , 



invention are ^toinGd^rom^tno dopondcnt clainu . 

It is advantageous to protect the first 
commutative checksum cryptographically by using at 
least one cryptographic operation. 
•^^> The result of this /urther development is that 
the cryptographic security' of the data is considerably 
increased. A cryptographic operation in this sense is, 
for example, the encrypting of the first commutative 
checksum with a symmetric or also with an assymetric 
encryption method w#ich forms a cryptographic checksum. 
On the receiver s/de, the inverse cryptographic method 
to the cryptographic method is performed in order to 
ensure cryptographic security. 

To form a checksum within the context of the 
document, various possibilities are known: 
- a checksum can be formed by forming hashing values 
for the individual data segments; 



m + 
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- the checksums can also be formed by ^o^cQlle-d- cyclic 
codes (Cyclic Redundancy Check, CRC) ; 

- a cryptographic one-way function can also be used for 
forming the checksums for the data segments. 

The methods can be advantageously used in 
various application scenarios. 

The methods can be used both in the 
transmission of digital data for protection against 
manipulation of the data, and in the archiving of 
digital data in a computer in which the first 
commutative checksum is formed and stored together with 
the data to be archived. The first commutative checksum 
can be checked when the digital data are loaded from 
the archive memory in order to detect any manipulation 
of the archived data. 

The method can be advantageously used for 
protecting digital data^ the cfata segments wliiiB are 
not tied to an order. Examples of such data segments 
are packet-oriented communication protocols, for 
example network management protocols such as the Simple 
Network Management Protocol (SNMP) or the Common 
Management Information Protocol (CMIP) . 

In the text which follows, an illustrative 
embodiment of the invention will be explained in 
greater detail with reference to a Figure. Tfrfn if the 
illustrative embodiment -i-e— explained with reference to 
the Simple Network Management Protocol % (SNMP) in the 
text which follows, - thio * does not UW^^oonty any 
restriction on the applicability of the method. The 
method can be used whenever it is of importance to 
ensure integrity protection for digital data which are 
grouped into a number of data segments. 
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^i-laa Figure chowa two arrangements J data 

segments^ being transmitted from the first arrangement 
to the second arrangement. 

In the Figure, a first computer arrangement Al, 
in which data segments (Di, i = 1 . . n) are stored, is 
shown symbolically. The data segments Di together form 
the digital data which, .are also designated as user 
data, for which wi x i *y nifl — importQnc» to emauie thei^ 

A 

^ntogrity >. 

■ ^Both — fc**e first computer arrangement Al (y^nd . a ^ 

second computer arrangement A2, described in the 



- which — follows — am — each — oas o * contain an arithmetic and 
logic unit R which is arranged in such a manner that 



the method steps described Jn^ tho — text twhiuli Ii>jr±-owg * 

are performed. 

In the first arrangement Al, the data segments 

Di are arranged at positions Pi within the total data 

stream. For each *data j segment Di, a . first segment 

checksum PSi is - [lacurarfr by using a checksum function 

PSF. The individual first segment WooSm PSi are 

A 

combined to form a first commutative checksum KP], by a. 

commutative operation as defined and described 

The commutative operation on the individual checksums 

PSi are shown symbolically by an EXOR symbol © in the 

Figure. 

The first commutative checksum KP1 is subjected 
to a cryptographic - Sfe^h^ffi ^a symmetric or asymmetric 
method, by using a first cryptographic key S (step 
101) . The result of the cryptographic operation is a 
cryptographic checksum KP. 

Both the data segments Di and the cryptographic 
checksum KP are transmitted by a transmission medium, 
preferably a line or also a logical connection which is 
symbolically shown by a communication link UM in the 
Figure, 



• ... 4 
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to a second arrangement A2 where they are received. 

The crossing arrows of the data segments Di in 
the Figure indicate that, due to the transmission of 
the data segments Di, these are received in positions 
Pj ( j = a . . z) which are displaced compared with the 
order in the first arrangement Al . 

Thus, a data segment D2 at the first position 
PI is received as data segment Da in the second 
arrangement A2 . Data segment DI is received as data 
segment Dc in the second arrangement. Data segment Dn 
is received as received data segment Db at the second 
position P2 in the second arrangement A2 . 

In accordance with the method used, either the 
first cryptographic key S is used for performing the 
inverse cryptographic operation on the cryptographic 
checksum KP if a symmetric encryption method is used, 
or a second cryptographic key S' is used if an 
asymmetric cryptographic method is used. 

The result of the inverse cryptographic 
operation (step 102) is again the first commutative 
checksum KP1 with correct encryption and decryption. 

This checksum is stored in the second 
arrangement A2 . For the comparison of the data segments 
D j , which are now received in permutated order compared 
with the original order during the formation of the 
first commutative checksum KP1, second segment 
checksums Psj are formed for the receive.d data segments 
D j , again using the same checksum JhuLhugj^FfeF. 

A 
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The resultant second checksums PSj are again 
commutatively combined with one another to form a 
second commutative checksum K£l2^ 

In a further^%?y^'^3%j / a check is made whether 

A 

5 the first commutative checksum KP1 matches the second 
commutative checksum KP2 . 

If this is so, the integrity of the data 
segments Di, , and thus the integrity of all the digital 
data, is ensured (step 104) if- the cryptographic 
10 methods used or, respectively, the methods used for 
forming checksums ensure the corresponding 

cryptographic security . 

If the first cryptographic checksum KP1 does 
not match the second cryptographic checksum . KP2, the • 
15 integrity of the data segments Di would be^viol^eS' 3 !©^^' ^ 
a manipulation of the data^Ee * ^oun^^i^ ^preferably 
reported to a user of the system. 

The protocol data units (PDU) in SNMP are 
structured in such a manner that the user information 
20 (cjo NjullinJ* variable bindings) can contain a list of 
objects (object indicators, OID/value pairs) . The order 
of the objects within a PDU is not specified so that it 
is possible for a permutation of the objects to occur 
during the transmission of the PDUs between the f irs^ 1 ^^^ 
25 arrangement Al and the second^ arrangement A2 . The 
invention now makes it possible to form a single 
cryptographic checksum over all objects of an SNMP PDU 
without having to take into consideration the order of 
the objects or of the PDUs,. 



jects i or at the PDUs,. 



30 ",cr vta i ±OTrs, alternatives to the 

illustrative embodiment described above irill ■■ be' 



- 10 - • 
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The method for forming the checksum PSF can be, 
for example, a method for forming hashing values. 
However, methods for forming cyclic codes (Cyclic 
Redundancy Check, CRC) using feedback-type shift 
5 registers can also be used. In addition, cryptographic 
one-way functions can be used for forming the checksums 
PSi and, respectively, Ps j . 

Furthermore, the commutative operation can have 
the additional property of associativity. 
) Both the meth6d for forming the checksum and 

* ^the method for checking a checksum can be performed 

tnnWr / or* 

independently of one another ^ ■ ItowcvGi>i^fehc i method 1 fus: 
A / A 
■f ormmg — fe**^ — rhnr$nv\m — and — t-h Q me thod f< pr rhrrlnng fe&e 

« £hyiAaum can a - lcp bo performed jointly, 

' Hbbrr^t&a&o alL 

in smite 



„ d j.g i t a 1^ ri n ta^ jjut ^ j^ o ^ chive the digital data, lit A I 



- digital . , ri .n t ai but tq^archiv 

Vferr aa the dL^ nJL wEtaZ . 

fco co^ l — t^Q — rfborc Lhum in 



the first arrangement Al, 

together with the first commutative checksum KP1 . When 

the archived data are reused, - khat* ic — to ocey* when the 

A 

data segments Di are loaded from the memory of the 
first arrangement Al, the method for checking the first 
commutative checksum KP1 as described above will then 
be performed. The first arrangement Al and the second 
arrangement A2 can thus be identical. i 

■ ^T^uatrQtivoly, — invention can be seen in- 
- *="hQ "fc — — tho oqog — o^a number of data segments which^ 
together^* represent the data to be protected, a 
checksum is formed for each data segment and the 
individual checksums of the data segments are 
commutatively combined with one another. This makes it 
possible to form and to check a checksum without having 
to t flKG^ 1 into conoideratio n the order of the data 

A 

segments. 
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